Iran Focus
London, 26 July – An American cybersecurity company has revealed their findings on a new “highly active” espionage group – believed to be Iranian – that is breaking into the networks of government organizations and other firms located in the Middle East.
On Wednesday, Symantec said that the hacking collective known as “Leafminer” has been targeting Saudi Arabia, the United Arab Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan. The roughly 800 organisations targeted cut across several sectors, including energy, telecommunications, financial services, transportation and government.
Vikram Thakur, technical director at Symantec, said Leafminer has been active since early 2017, but has significantly increased its attacks since the end of last year.
Why do they think that the hackers are Iranian?
Well, mainly because the list of organisations to target was written in Farsi. However, there is also the matter of the countries that have been targeted.
Thakur said: “All the target organizations, they have some kind of political discourse ongoing with Iran, and Iran is actually missing from the list themselves. From an analytics perspective, that just adds to the fact that they’re likely to be from Iran.”
While this doesn’t prove that the hackers were directed by Iran, Thakur said it is a possibility.
However, if you’ve been closely following the topic of Iranian cyber espionage, you’ll soon realise that it would not be unusual for Iran to direct hackers.
Indeed, many security professionals have reported that Iranian cyber-attacks have been growing in size, scale, and sophistication in recent years, likely due to investment by the Iranian mullahs.
In March, Thakur said: “What we’ve noticed of the overall picture that the number of attacks that are originating from that geography is much, much higher than seven or eight years ago. In the coming years, we’d expect Chafer [the Iranian hacking group they revealed in February] as well as other cyber actors originating from Iran to continue increasing their volumes of attack as well as their list of victims.”
It’s also worth noting that most independent hacking groups would be targeting organisations that they could profit from (i.e. demanding a ransom not to leak the information), rather than spy on the agencies.
They would also be more likely to target private companies, who would prefer to hide the attack, rather than government agencies that would be looking to prosecute hackers.
It seems there can be no real doubt that Iran is behind these attacks.
